Hacker Newsnew | comments | show | ask | jobs | submitlogin
regularfry 547 days ago | link | parent

Sorry, would you mind clarifying? Any Ruby app? So a Sinatra app which happened to YAML.load would also be at risk?


tptacek 547 days ago | link

Yes, if attackers controlled the content of the YAML message.

-----

Turing_Machine 546 days ago | link

In much the same way that letting attackers control the parameters to fork() would be a bad idea for a C program or letting attackers control the parameters to Runtime.exec() would be a bad idea for a Java program.

This is a Rails vulnerability, not a Ruby vulnerability.

-----




Guidelines | FAQ | Lists | Bookmarklet | DMCA | News News | Bugs and Feature Requests | Y Combinator | Apply | Library | Contact

Search: